22 matches found
CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...
CVE-2026-7381
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
CVE-2026-7381
Plack::Middleware::XSendfile (Perl)
Linux Distros Unpatched Vulnerability : CVE-2026-31534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch...
CVE-2026-3729
A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and...
MiracleLinux 8 : samba-4.11.2-13.el8 (AXSA:2020-904:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-904:04 advisory. samba: Combination of parameters and permissions can allow user to escape from the share path definition CVE-2019-10197 samba: smb client vulnerable ...
CVE-2025-10341
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...
FreeBSD : grafana -- XSS vulnerability (45eb98d6-3b13-11f0-97f7-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 45eb98d6-3b13-11f0-97f7-b42e991fc52e advisory. [email protected] reports: A cross-site scripting XSS vulnerability exists in Grafana caused by...
BIT-GRAFANA-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
GHSA-Q53Q-GXQ9-MGRJ Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
CVE-2025-4123
Grafana OSS is affected by CVE-2025-4123, a cross-site scripting (XSS) flaw caused by a combination of client path traversal and an open redirect. The issue does not require editor permissions; it can be triggered when anonymous access is enabled, causing arbitrary JavaScript execution in the use...
CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
CVE-2025-4123
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
Astra Linux โ Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: Resets cid to connum โ 1 to remain within bounds. In the function initconns, after the createcon and createcm calls for the loop, if something fails. During the cleanup phase of the loop, after the destroy tag, we...
CVE-2024-47119
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client...
Farmacia ๆณจๅ ฅๆผๆด
Farmacia is a content management system from code-projects. An injection vulnerability exists in code-projects Farmacia version 1.0, which stems from an SQL injection vulnerability contained in the id parameter of the /editar-cliente.php file...